The personal account has become an omnipresent aspect of contemporary society, associated with almost every aspect of our lives. Personal accounts are associated with, for example, telephone calling cards, checking and savings accounts in banks, computer networks, and credit cards. Typically, account security is maintained (and unauthorized access prevented) by use of a password or personal identification number (PIN).
Account security is maintained by requiring two separate steps for account access. First, the account number must be entered. Second, a password or PIN associated with the account must be entered as well. The account number is typically not concealed (i.e., it may be printed on the telephone calling card or credit card, or it may be recorded on a magnetic strip affixed to the card which is read by an associated card reader) and may be considered, at least for security purposes, to be readily accessible. In contrast, a password or PIN is not supposed to be readily accessible. Rather, a user is typically instructed to memorize and not write down a password or personal identification number to prevent inadvertent disclosure of the password or PIN. By keeping the password or PIN confidential, unauthorized access to an account is hopefully prevented.
For example, a telephone calling card number may be provided by keying in the number on a telephone keypad or, in some circumstances, sliding the telephone calling card through a magnetic card reader attached to a specially equipped telephone. The account number is printed on the telephone calling card, and accordingly is readily accessible to any individual looking at the telephone calling card. However, merely knowing the account number does not allow someone to use the telephone calling card since a caller also has to know the PIN associated with the telephone calling card before a call may be placed using the telephone calling card. In theory, someone who steals the telephone calling card or merely knows the account number printed on the telephone calling card cannot make fraudulent telephone calls using the telephone calling card account because only the authorized user knows the PIN necessary to activate the account.
Similarly, an automatic teller machine (ATM) access card has at least one account number associated with it which is normally recorded on a magnetic strip affixed to the card that is read when the card is inserted into the automatic teller machine. Again, unauthorized use of the card (and therefore unauthorized account access) is theoretically prevented by requiring entry of a personal identification number before an account identified on the card can be accessed to, for example, withdraw money from the account. The owner of the ATM access card is normally instructed to memorize the PIN and not write it down to prevent an unauthorized user from learning the PIN.
With respect to telephone calling cards and ATM access cards, a user will typically recall the PIN associated with the account and enter the PIN by pressing numeric buttons on a keypad At that instant, the secrecy of the PIN, which was stored only in the user's memory and therefore undetectable, evaporates. Any individual who can see the user entering the PIN can note the PIN as it is punched into the keypad and thereafter knows the PIN for the account.
Personal identification numbers are also used to limit cellular telephone fraud. Normally, each cellular telephone has a unique identifier which is transmitted along with the telephone call to identify the cellular telephone for billing purposes. Unfortunately, the unique identifier may be detected by a thief equipped with a scanner. The thief can then program another cellular telephone with the previously unique identifier and calls made using the "cloned" telephone will be billed to the cellular telephone from which the unique identifier was stolen. The providers of cellular telephone services have sought to reduce the amount of fraud perpetrated in this manner by requiring entry of an authorization code before the cellular telephone can be used. By so doing, the providers of cellular telephone services have established an additional level of security that limits fraudulent use of the telephone. Unfortunately, the personal identification number can also be detected by a scanner and this security technique may be defeated as well.
Computer networks also have user accounts and associated passwords. For example, a user may have an electronic mail account or, as is increasingly often the case, the user may have a personal account associated with a home page of the World Wide Web accessed through the Internet. Typically, the user's account number may be readily obtained but unauthorized access to the user's account is restricted by requiring entry of a password or personal identification number before access to the account is granted. For example, a computer user may have a stock trading account with a stock broker that maintains a web page. The user's account is not accessible without entry of an identification number, which is normally keyed in by the user at a remote terminal. As with other multiple level security systems using passwords or personal identification numbers, the identification number may be detected by an observer. In this case, the observer may be simply watching the keyboard or, alternatively, the observer may be using a so-called "sniffer" to observe the network traffic.
Another area where computer networks rely upon passwords for security is general network access. For example, many networks maintain a file for each user in which the user's various network account numbers (i.e., log in names) and associated passwords are maintained in a plain text file (e.g., r.host). This allows a user who has logged in to the network from her primary terminal to access various associated networks without having to repeatedly enter her user name and password for each access to an associated network. Although this system greatly enhances the ease with which a user can traverse network elements, it provides an opportunity for abuse if a computer hacker obtains access to the file information. At that point, the computer hacker can, at a minimum, view files to which he is not authorized for access. In worst case scenarios, the unauthorized user may destroy files or, under the guise of being an authorized user, otherwise damage the system or the authorized user's reputation.
In yet another application, a personal identification number or password is used in connection with voice mail. In a typical voice mail system, a user will enter the voice mail account number, typically the user's extension number, and then will be prompted to enter an access code of some kind. It is only by entering the appropriate access code (a PIN or password) that the user is able to listen to his or her voice mail. Thus, the user is able to maintain a degree of confidentiality with respect to her voice mail.
Each of these applications suffers from a common flaw. A casual observer or a dedicated intruder can detect the supposedly secret personal identification number or password, either by direct observation or by repeated trial attempts. Having determined what the personal identification number or password is, an unauthorized person can obtain access to the account with relative ease, having bypassed one of the security mechanisms intended to prevent such abuse.
For example, a telephone calling card can be readily abused by a thief observing an authorized user enter the calling card number and the personal identification number and recording the numbers as they are entered on the telephone keypad. The thief can then place hundreds if not thousands of dollars worth of unauthorized telephone calls.
Alternatively, a thief can watch a bank customer enter her personal identification number in an automatic teller machine and then steal the automatic teller machine access card from the bank customer. Because the thief knows the personal identification number, the thief can easily access all of the customer's bank accounts and the security provided by the personal identification number is easily defeated.
With respect to computer network systems, an intruder may be able to access an account number without direct observation of password entry but simply by repeated trial attempts. The hacker can program a terminal to enter an authorized account number and then determine the password by repeatedly entering guesses at the correct password until the account is accessed. At that point, the network security has been breached and the unauthorized user's access to the network is limited only by the access rights associated with the account. If, as is often the case, the intruder attempts to access the network system administrator's account, the potential for malfeasance is virtually unlimited.
A similar circumstance exists with respect to voice mail systems. In that situation, an interloper may, with an appropriately configured computer modem, repeatedly enter access codes to obtain unauthorized access to a specific voice mail account without manually entering the access codes on a telephone keypad. A determined interloper will eventually enter the correct access code and be able to listen to messages and, depending on the voice mail system, in some cases, use the voice mail account to place long distance calls and otherwise abuse the system.
Accordingly, passwords and personal identification numbers do not provide adequate security against unauthorized account access because of their vulnerability to observation and/or discovery by repeated trial attempts.